Jason Haley

Ramblings from an Independent Consultant

Web Apps 2019 from Boston Code Camp 31

It has now been a week since Boston Code Camp 31, where I presented my new Azure Web Apps 2019 talk. I originally structured the talk to introduce things that have change or are changing in the near future in Azure Web Apps (according to announcements at Ignite last year) – which all assumed a basic knowledge of Web Apps. However there was a good percentage of people in the crowd that didn’t have that basic knowledge … so I spent more time walking through features in the tour of Web Apps than planned. Which meant I didn’t have the time for the full set of demos I had wanted to go through. There were also quite a few questions – which I though was well worth missing some of the demos.

If you attended the session and want to know more detail about the demos: I am modifying the talk to a hands on session for the Boston Area Global Azure Bootcamp (Burlington location) on April 27 – so you can come and walk through the code yourself!

The power point can be found here: AzureWebApps2019.pptx 

This was the second time I’ve given this talk. The first time I gave the talk I used one of my github repos for the code sample, but I recently found Joonas Westlin’s Github repo that is more complete than mine: Azure Managed Identity demo collection so this time I used his code. Thanks Joonas!

Here are some notes for you incase you missed it.

Newer Features

This section of the presentation is to highlight some of the things that have been added via the Azure Portal that you would find useful to know if you haven’t been in the portal for a little while to notice.

Changes on App Settings blade
  • Now called Configurations
  • Has tabs for fitting on one page better
  • FTP configuration (added last year)
  • HTTP/2 Support (added last year)
  • Settings and connection string values are now hidden by default
  • Advanced Edit allows you to edit multiple settings quickly in a json format (this is new)
Custom domains and SSL Settings blade
  • HTTPS Only (added last year in two places)
    • Custom domains blade
    • SSL Settings blade
  • Minimum TLS version is now configurable (added last year)
Networking blade
  • Can now add IP Restrictions (white listing) for you web app
    • Supports IP v4 and v6
  • Can handle the IP Restrictions for web app and kudu site separately (this is new)
Deployment slots blade
  • Improved UX
  • Combined the Testing in production features
Deployment Center blade
  • Improved UX
  • Search and filter repositories
  • Revamped log files

Securing Web Apps

This section of the presentation was to highlight how to use two new-ish features to make your web app more secure: managed identity and VNET integration (preview).

SNAGHTML447ca7

Managed Identity
  • Identity blade in Web Apps
    • System Assigned
    • User Assigned
  • Allows Azure resources to authenticate to other resources without storing credentials
  • Deployment slots have different identities
  • Best to work with by adding to an AAD security group
New VNet Integration (Preview)
  • Does not use Point to site VPN (this is new and in preview)
  • Requires unused subnet with 32 addresses
  • App and VNet must be in the same region
Virtual Network Service Endpoints
  • Extend your VNet to Azure services
  • Available with:
    • Storage
    • SQL DB
    • Key Vault
    • SQL Data Warehouse
    • PostgreSQL
    • MySQL
    • Cosmos DB
    • Service Bus
    • Event Hubs
Azure Key Vault
  • For storing your
    • secrets
    • keys
    • certificates
  • Has IP Firewall
  • Integrates with VNet (via service endpoint)
  • Access policies
    • Manage identity permissions
      • Users
      • Managed Identities
Azure Storage
  • Encrypted at rest – can now bring your own key (this is new)
  • Soft delete (this is new)
  • Has IP Firewall
  • Integrates with VNet (via service endpoint)
  • Access control
    • Manage identity permissions
      • Users
      • Managed Identities
SQL DB
  • Has IP Firewall
  • Integrates with VNet (via service endpoint)
  • Can grant SQL DB access to managed identity or AAD security group
Demo steps
  1. Walk through local development using managed identity
    1. Add local user to storage
    2. Add local user to SQL DB and client IP firewall
  2. Create a managed identity for web app
    1. Enable System Managed Identity in web app
    2. Create AAD group and add new managed identity as a member
  3. Connect web app to VNet
    1. Create VNet and subnet
    2. Enable Service endpoints on subnet
    3. Create NSG for SQL out and add to subnet
    4. Turn on VNet Integration (Preview) in Web App
  4. Connect Key Vault to VNet
    1. Configure Access policies for managed identity or AAD Group
    2. Configure VNet
  5. Connect storage to VNet
    1. Configure Access policies for managed identity or AAD Group
    2. Configure VNet
  6. Connect SQL to VNet
    1. Configure network rule and add to VNet
    2. Add AAD Group to SQL DB via sql
Resources

Samples: https://github.com/juunas11/Joonasw.ManagedIdentityDemos

What is new in Azure App Service networking
https://bit.ly/2FTre8Y

In the security trenches of Azure SQL Database and Azure SQL Data Warehouse
https://bit.ly/2S7wdIX

Tutorial: Secure Azure SQL Database connection from App Service using a managed identity
https://bit.ly/2RkdJAh

Learn how to protect your data in Azure Storage with new features and capabilities
https://bit.ly/2WjP96m

Manage keys, secrets, and certificates for secure apps and data with Azure Key Vault
https://bit.ly/2HEfZCU

Going Independent from Boston Code Camp 31

Last weekend was Boston Code Camp 31, where I presented my Going Independent talk to a small crowd of interested individuals. It is always a small but very interested crowd. Most attendees consisted of full time employees this time – which is exactly the audience I put it together for.

The power point can be found here: GoingIndependent2019.pptx

I have given the presentation at least a dozen times now in the past 9.5 years, here’s the cliff notes for you incase you missed this year’s version of it.

1. Why? 

Know why you want to be an independent, what is important to you? Are you sure you can’t just switch jobs and find what you are really after? How about just freelancing and keeping your job plus some side work?

Next, show chart of full time employee with direct deposit (ie. stable income every 2 weeks).

Follow that up with my actual income chart as an independent consultant – which is all over the place. 0 for some months, while other months are more than 10k a month.

Then the annual chart – which is more stable but still not the same as the FTE chart shown first.

2. Are you Still interested?

Get some advice – talk to friends, family, other independent consultants, people that could hire you. Run your ideas by them and get feedback plus spread the word for what type of work you are looking for

Find Client #1 – usually the easiest client to find. Could be previous employers, co-workers, other independent consultants, etc.

Establish Your Company – Get an accountant and lawyer – find out the best legal entity type for your situation and set it up (LLC, S-Corp, C-Corp), open a business bank account and get a business credit card to keep everything separate from the beginning.

3. Get Started

Note on Work Expectations – FTE vs. Consultant

- What works to climb the corporate ladder doesn’t always help you when you are a consultant
Examples:

  • Doing what you are asked to do without questioning it (no estimates, just getting started)
  • Throwing more time at a problem to fix it

Advice:

  • Clarify what expectations are before starting any work
  • Learn to estimate and always track your hours
  • Managing expectations is very important to keep good relationships

Stay organized – invoice regularly, keep track of your cash flow and expenses, pay yourself and keep at least 6 months living expenses back (ie. always have F-you money so you are never in a situation where you can’t say no).

4. Finding the next client(s)

Contract or consultant? – contract work: check job boards or recruiters. A lot like being an employee with a middleman. Consultant – its up to you. Referrals are very important.

Network – have 2 answers to the question “What do you do?”. First the broader answer of what you will settle for (use when you really need the work). Second, answer for what you really want to do (the reason you are an independent after all).

  • Network with complimentary skilled consultants – Example: Architects, Database, Security people are all out there networking to – so if you are a web developer make sure you know them so they can refer you work if they find a need for web developers and vice versa.
  • If you are an introvert and not great at networking – have 2 groups you network with – practice groups that most likely won’t be your clientele and groups that could refer you real work. Use the practice groups to get comfortable.

Become an expert – this is like a phase 2. Once you are able to make a living doing this self employed thing – set out to take it up a level. Speak at user groups, write a blog and write open source projects – these 3 items can serve as your marketing material.

2 + 1 Rule – always have 2 small projects that pay something but are not time sensitive (or at least are flexible) and have 1 project that pays the bills. The 2 small projects can help cushion the period between the big projects.